Refer to the following sections for security updates relating to this release.

The WAF engine has been updated to from ModSecurity 2.9.3 to version 2.9.5 to close the CVE-2021-42717 vulnerability. As a result, a new JSON Depth Limit parameter has been added to the WAF Advanced Options that controls the depth to which JSON data is examined by the WAF engine. The default of 10000 is the recommended value. Lower values may cause a match failure if not enough data is examined to produce a match; higher values may cause the WAF engine to run slower as the amount of data examined increases.